I have a Bot Framework Skill written with C# which relays messages from a back end service to a Consumer Bot made with Bot Framework Composer. The Skill Bot receives the messages from the backend service on a separate controller api/message/BackendMessage.
[Route("api/message")]
[ApiController]
public class SkillBotBackendController : ControllerBase
{
...
When the Skill Bot receives the message, it sends it into the conversation with the Consumer Bot like this...
[HttpPost]
[Route("BackendMessage")]
public async Task PostAsync([FromBody] BackendMessage content)
{
...
await _botFrameworkAdapter.ContinueConversationAsync(
msAppId,
conversationRec.ConversationReference,
(ITurnContext turnContext, CancellationToken cancellationToken) =>
turnContext.SendActivityAsync(MessageFactory.Text(backendMessage),
cancellationToken), default(CancellationToken));
The Consumer Bot can see all of the messages coming directly from the Skill Bot, but not the ones that the Skill Bot receives from the backend service. Here's some ngrok entries that show...
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/e13d97b4-c715-4572-8d 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 401 Unauthorized
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
POST /api/skills/v3/conversations/ba72ce2d-3a86-4d86-b640-9a4f3c4d5996/activities/52e6e511-8f72-4b55-97 200 OK
The messages that are being rejected have a different HttpContext.Request.Headers["Authorization"]
token than the other ones, the audience for the accepted token has the app id of the composer bot, the audience on the rejected token is https://api.botframework.com.
Hoping there's an easy explanation and solution.